nanog mailing list archives
Re: JUNOS forwards IPv6 link-local packets
From: "Justin M. Streiner" <streiner () cluebyfour org>
Date: Mon, 30 Apr 2012 14:36:34 -0400 (EDT)
On Fri, 27 Apr 2012, Chris Adams wrote:
I don't think that will work, because there's an automatic direct route for fe80::/64 to all interfaces with family inet6 configured. The only way I see around it is to apply a firewall filter to all IPv6 interfaces that blocks anything with a source in fe80::/64 and destination _not_ in fe80::/64.
I've verified this between two M7is in my lab, running Junos 10.3. I tried to verify similar behavior between a 6509 running 12.2(33)SXJ2 and my target M7i, but either the Cisco box doesn't appear to allow the traffic, or the command parser in that version of IOS is smart enough not to allow a ping sourced from a link-local address, but destined to a non-link-local address.
jms
Current thread:
- JUNOS forwards IPv6 link-local packets Chris Adams (Apr 27)
- Re: JUNOS forwards IPv6 link-local packets Jack Bates (Apr 27)
- Re: JUNOS forwards IPv6 link-local packets Chris Adams (Apr 27)
- Re: JUNOS forwards IPv6 link-local packets Jack Bates (Apr 27)
- Re: JUNOS forwards IPv6 link-local packets Chris Adams (Apr 27)
- Re: JUNOS forwards IPv6 link-local packets Jack Bates (Apr 27)
- Re: JUNOS forwards IPv6 link-local packets Christopher Morrow (Apr 27)
- Re: JUNOS forwards IPv6 link-local packets Owen DeLong (Apr 28)
- Re: JUNOS forwards IPv6 link-local packets Chris Adams (Apr 27)
- Re: JUNOS forwards IPv6 link-local packets Jack Bates (Apr 27)
- Re: JUNOS forwards IPv6 link-local packets Justin M. Streiner (Apr 30)
- Re: JUNOS forwards IPv6 link-local packets Phil Bedard (Apr 30)